Iranian hacker group found responsible for countless cyber attacks

For the last two years, Iranian hackers have been hacking into government agencies and major companies in 16 countries. First believed to be retaliation for a U.S.-Israel created virus that targeted their nuclear program, new evidence suggests that the hacks could be endemic of a more worrisome global plan.

Iranian hackers are responsible for countless cyber attacks
PC World reported that, according to Cylance, a cyber security company, Iranian hackers have infiltrated government agencies and major companies consistently over the last two years. As per the report, hackers have targeted universities, government agencies, and companies in the oil and gas, telecom and aviation industries. Cylance called Iran "the new China" and dubbed their hacking efforts "Operation Cleaver," after the name of the software used to perpetrate the hacks.

USA Today reported that the hackers were primarily based in Tehran, with support coming from group members in the Netherlands, Canada and the U.K.

The Iranian hackers, according to PC World, are responsible for stealing highly sensitive and confidential information from networks in the U.S., U.A.E., Turkey, South Korea, Saudi Arabia, Qatar, Pakistan, Mexico, Kuwait, Israel, India, Germany, France, England, China and Canada. The breadth of their focus is alarming and Cylance CEO Stuart McClure said in a statement that the company recently discovered that all the cases were linked.

"We discovered the scope and damage of these operations during investigations of what we thought were separate cases … Due to the choice of critical infrastructure victims and the Iranian team's quickly improving skill set, we are compelled to publish this report," said McClure, reported PC World.

The hackers are interested in more than money
Cylance also indicated that the hackers downloaded tremendous amounts of data such as airport security details, identification photos and employee information. Also, electricity diagrams, telecom, housing and network information documents were compromised, suggesting that the hacker group is interested in more than just stealing money. With access to infrastructure schematics, one can only guess what their intentions are.

The company wrote in a blog post that while up until this point the hacks do not seem to be linked to deaths, terrorist acts or disruption of services, it is highly possible that the hackers will eventually cause these sorts of calamities.

"While to date Cylance has yet to see Operation Cleaver result in loss of life or disruption of critical services, with the history of this group I see that as a likely consequence of these attacks," the company said, according to PC World.

The investigation into Operation Cleaver has found that the hacks date back to June 2012, but the company speculates the group may have started activities as early as 2010. The investigation also led to the conclusion that the Iranian hacker group is interested in more than just perpetrating attacks against the U.S. and Israel due to political defiance. Their actions instead suggest that they are preparing to make moves which will impact infrastructure on a global scale.

"Such broad targeting demonstrates to the world that Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally," the company said, reported PC World.

Hacks may be retaliation for US-Israel created worm virus
It is believed that the U.S. and Israel used a worm virus – Stuxnet/Duqu/Flame – to target Iranian nuclear facilities in the past. USA Today reported that Stuxnet was able to briefly disrupted Iran's uranium-enrichment activity in 2010. The worm virus, according to PC World, was mistakenly unleashed on the Internet at large, leading to its discovery by the public. The Iranian attacks were considered to be retaliation for the virus, but that it seems now that their actions have wider-reaching implications.

"It has been commonly postulated that almost all activity since 2010 coming out of Iran is associated with retaliation for Stuxnet/Duqu/Flame, which seems natural given the severity of the impact … But they don't need Stuxnet as motivation to want to hack the world. They have long desired power on the political stage, in particular in the fight for nuclear power autonomy," the company said.

Cylance also speculated that the attacks may have been intended to give Iran useful information to use during negotiations over its nuclear program with other countries. It remains to be seen how this situation will unfold, but it is clear that spying and surveillance efforts will continue behind the scenes on the Internet until the situation is resolved or addressed.